/** * Checks that this user is logged in, and presents a login screen if they aren't. * * The function can optionally confirm whether they are a member of one of a list * of roles, and deny access if they are not a member of any of them. * * @param string $roles The list of roles that the user must be a member of one of to be allowed to proceed. * @return boolean Whether or not the user is logged in and is a member of one of the required roles. */ function LoginRequired($roles = '') { global $c, $session, $main_menu, $sub_menu, $tab_menu; $current_domain = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : $_SERVER['SERVER_ADDR']; if (isset($c->restrict_admin_domain) && $c->restrict_admin_domain != $current_domain || isset($c->restrict_admin_port) && $c->restrict_admin_port != $_SERVER['SERVER_PORT']) { header('Location: caldav.php'); dbg_error_log('LOG WARNING', 'Access to "%s" via "%s:%d" rejected.', $_SERVER['REQUEST_URI'], $current_domain, $_SERVER['SERVER_PORT']); @ob_flush(); exit(0); } if (isset($c->restrict_admin_roles) && $roles == '') { $roles = $c->restrict_admin_roles; } if ($this->logged_in && $roles == '') { return; } /** * We allow basic auth to apply also, if present, though we check everything else first... */ if (isset($_SERVER['PHP_AUTH_USER']) && !$this->logged_in && $_SERVER['PHP_AUTH_USER'] != "" && $_SERVER['PHP_AUTH_PW'] != "" && !$_COOKIE['NoAutoLogin']) { if ($this->Login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'], false)) { setcookie('NoAutoLogin', 1, 0); return; } } if (!$this->logged_in) { $c->messages[] = i18n('You must log in to use this system.'); include_once 'page-header.php'; if (function_exists('local_index_not_logged_in')) { local_index_not_logged_in(); } else { if ($this->login_failed) { $c->messages[] = i18n('Invalid user name or password.'); } echo '<h1>' . translate('Log On Please') . "</h1>\n"; echo '<p>' . translate('For access to the') . ' ' . translate($c->system_name) . ' ' . translate('you should log on with the username and password that have been issued to you.') . "</p>\n"; echo '<p>' . translate('If you would like to request access, please e-mail') . ' ' . $c->admin_email . "</p>\n"; echo $this->RenderLoginPanel(); } } else { $valid_roles = explode(',', $roles); foreach ($valid_roles as $k => $v) { if ($this->AllowedTo($v)) { return; } } $c->messages[] = i18n('You are not authorised to use this function.'); include_once 'page-header.php'; } include 'page-footer.php'; @ob_flush(); exit(0); }
/** * Checks that this user is logged in, and presents a login screen if they aren't. * * The function can optionally confirm whether they are a member of one of a list * of groups, and deny access if they are not a member of any of them. * * @param string $groups The list of groups that the user must be a member of one of to be allowed to proceed. * @return boolean Whether or not the user is logged in and is a member of one of the required groups. */ function LoginRequired($groups = "") { global $c, $session, $main_menu, $sub_menu, $tab_menu; if ($this->logged_in && $groups == "") { return; } if (!$this->logged_in) { $c->messages[] = "You must log in to use this system."; $c->page_title = "Log in please"; include_once "page-header.php"; if (function_exists("local_index_not_logged_in")) { local_index_not_logged_in(); } else { echo <<<EOHTML <h1>Log On Please</h1> <p>For access to the {$c->system_name} you should log on with the username and password that have been issued to you.</p> <p>If you would like to request access, please e-mail {$c->admin_email}.</p> EOHTML; echo $this->RenderLoginPanel(); } } else { $valid_groups = split(",", $groups); foreach ($valid_groups as $k => $v) { if ($this->AllowedTo($v)) { return; } } $c->messages[] = "You are not authorised to use this function."; include_once "page-header.php"; } include "page-footer.php"; exit; }
if (!isset($maxresults) || intval($maxresults) == 0) { $maxresults = 200; } $search_query .= " LIMIT {$maxresults} "; include_once "search_listing_functions.php"; include_once "search_list_results.php"; } elseif (is_member_of('Admin', 'Support')) { include "indexsupport.php"; } elseif ($session->AllowedTo('Contractor')) { include "indexextsupport.php"; } else { include "indexclients.php"; } } else { if (function_exists("local_index_not_logged_in")) { local_index_not_logged_in(); } else { ?> <H4>For access to the <?php echo $system_name; ?> you should log on with the username and password that have been issued to you.</H4> <h4>If you would like to request access, please e-mail <?php echo $admin_email; ?> .</h4> <p>If you have forgotten your password, you can <a href="/temppass.php">request a temporary one</a>.</p>
/** * Checks that this user is logged in, and presents a login screen if they aren't. * * The function can optionally confirm whether they are a member of one of a list * of groups, and deny access if they are not a member of any of them. * * @param string $groups The list of groups that the user must be a member of one of to be allowed to proceed. * @return boolean Whether or not the user is logged in and is a member of one of the required groups. */ function LoginRequired($groups = "") { global $c, $session; if ($this->logged_in && $groups == "") { return; } if (!$this->logged_in) { $c->messages[] = i18n("You must log in to use this system."); if (function_exists("local_index_not_logged_in")) { local_index_not_logged_in(); } else { $login_html = translate("<h1>Log On Please</h1><p>For access to the %s you should log on withthe username and password that have been issued to you.</p><p>If you would like to request access, please e-mail %s.</p>"); $page_content = sprintf($login_html, $c->system_name, $c->admin_email); $page_content .= $this->RenderLoginPanel(); if (isset($page_elements) && gettype($page_elements) == 'array') { $page_elements[] = $page_content; @(include "page-renderer.php"); exit(0); } @(include "page-header.php"); echo $page_content; @(include "page-footer.php"); } } else { $valid_groups = explode(",", $groups); foreach ($valid_groups as $k => $v) { if ($this->AllowedTo($v)) { return; } } $c->messages[] = i18n("You are not authorised to use this function."); if (isset($page_elements) && gettype($page_elements) == 'array') { @(include "page-renderer.php"); exit(0); } @(include "page-header.php"); @(include "page-footer.php"); } exit; }